From 9d0eb9b7b85a5fb7b26065a46600fe5edc4dbdab Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer
Date: Wed, 2 Jan 2019 23:01:24 +0100
Subject: [PATCH] [TCPIP] Don't trust the TEB
And trust the Russian hackers to exploit that.
---
drivers/network/tcpip/include/precomp.h | 1 +
drivers/network/tcpip/tcpip/fileobjs.c | 14 +++++++++-----
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/network/tcpip/include/precomp.h b/drivers/network/tcpip/include/precomp.h
index b2cb75063dc..a96c4a51c3e 100644
--- a/drivers/network/tcpip/include/precomp.h
+++ b/drivers/network/tcpip/include/precomp.h
@@ -16,5 +16,6 @@
 #include
 #include
 #include
+#include
 #endif /* _TCPIP_PCH_ */
diff --git a/drivers/network/tcpip/tcpip/fileobjs.c b/drivers/network/tcpip/tcpip/fileobjs.c
index f050a09b0ca..614f1e11479 100644
--- a/drivers/network/tcpip/tcpip/fileobjs.c
+++ b/drivers/network/tcpip/tcpip/fileobjs.c
@@ -396,7 +396,6 @@ NTSTATUS FileOpenAddress(
 PVOID Options)
 {
 PADDRESS_FILE AddrFile;
- PTEB Teb;
 TI_DbgPrint(MID_TRACE, ("Called (Proto %d).\n", Protocol));
@@ -431,10 +430,15 @@ NTSTATUS FileOpenAddress(
 AddrFile->HeaderIncl = 1;
 AddrFile->ProcessId = PsGetCurrentProcessId();
- Teb = PsGetCurrentThreadTeb();
- if (Teb != NULL) {
- AddrFile->SubProcessTag = Teb->SubProcessTag;
- }
+ _SEH2_TRY {
+ PTEB Teb;
+
+ Teb = PsGetCurrentThreadTeb();
+ if (Teb != NULL)
+ AddrFile->SubProcessTag = Teb->SubProcessTag;
+ } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
+ AddrFile->SubProcessTag = 0;
+ } _SEH2_END;
 KeQuerySystemTime(&AddrFile->CreationTime);
-- 
2.17.1
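Review bot: The `_SEH2_TRY` block in the second fileobjs.c hunk only guards the read of `Teb->SubProcessTag` against a fault; the value stored in `AddrFile->SubProcessTag` still comes from user-writable memory, and nothing in the new code says so. I would add a comment above the assignment such as `/* TEB is user-mode memory: SubProcessTag is caller-controlled; keep it as an opaque tag, never a pointer, index or trust decision */`. The `Teb == NULL` path also leaves the field untouched, while the exception path sets it to 0. Unless AddrFile is zeroed earlier in FileOpenAddress (not visible here, since the function starts and ends outside the hunk), putting `AddrFile->SubProcessTag = 0;` before `_SEH2_TRY` would make both paths agree.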